
findで「iptables-save.unixtime」の形式のバックアップファイルを整理する。

■しばらく使って問題も無くいい感じ。
 ※2012/11/10から。

$ w3m -dump https://raw.github.com/labunix/smallfirewall/master/iptables
#!/bin/bash
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $remote_fs $syslog $time
# Required-Stop:     $remote_fs $syslog $time
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Custom script for iptables
# Description:       Custom script for iptables (Squeeze)
#                    Last Update:2012/11/10
#                    Author     :labunix@linux.jp
### END INIT INFO

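# myreset MESSAGE
#
# Stop / emergency path.  Prints MESSAGE, snapshots the running rule set
# to $MYSAVE (rotating the previous non-empty snapshot to $MYBACK), then
# opens the firewall completely: every table flushed, the built-in filter
# policies set to ACCEPT, every user-defined chain removed.  Never
# returns: exits 1 when MESSAGE begins with "ERROR", 0 otherwise.
#
# Globals read: MYSAVE, MYBACK (set by the top-level code of this script).
# Must run as root; iptables/iptables-save need CAP_NET_ADMIN.
#
# SECURITY NOTE: after this function the host has no packet filtering at
# all.  That is the intended "stop" semantics, but the error path does
# the same thing -- a failed "start" leaves the box wide open, and on
# that path the unloadable file survives only as $MYBACK while $MYSAVE
# is overwritten with whatever was actually loaded.
myreset() {
  local table chain
  echo -n "$@"

  # Rotate: keep the last non-empty snapshot as $MYBACK.  An empty
  # $MYSAVE is not worth keeping, so the (empty) $MYBACK slot reserved
  # by the top-level code is discarded instead.
  if [ -s "${MYSAVE}" ];then
    mv -- "$MYSAVE" "$MYBACK" && echo -ne "\nSave...\n $MYBACK\n"
  else
    rm -f -- "$MYBACK"
  fi
  iptables-save -c > "${MYSAVE}"

  # Flush every chain of every table.  A bare -F on a table flushes all
  # of its chains (built-in and user-defined), so the old per-chain loops
  # were redundant with the table-wide -F that followed them.
  for table in filter mangle nat raw;do
    iptables -t "$table" -F
  done

  # Open the built-in filter policies.
  for chain in INPUT OUTPUT FORWARD;do
    iptables -P "$chain" ACCEPT
  done

  # Delete user-defined chains in every table.  A bare -X removes every
  # non-builtin chain of the table.  This replaces the old
  # `iptables -L | grep Chain | grep -v ... | xargs` parsing, which only
  # looked at the filter table, ran reverse lookups (-L without -n),
  # skipped any user chain whose name merely contained INPUT/OUTPUT/
  # FORWARD, and fed the words "Chain" and "(N references)" to -X.
  for table in filter mangle nat raw;do
    iptables -t "$table" -X
  done

  # Every error caller passes "ERROR : ...", so the old exact-match test
  # [ "$1" == "ERROR" ] never fired and every error exited 0 -- the init
  # system could not tell a failed start from a good one.  Match the prefix.
  case "$1" in
    ERROR*)
      exit 1
      ;;
  esac

  # ending
  unset MYUNIXTIME MYSAVE MYBACK
  echo "done"
  exit 0
}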

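# save file and backup file
#
# $MYSAVE holds the rule set that "start" restores; every run reserves
# $MYBACK = $MYSAVE.<epoch> as the slot myreset rotates the previous
# snapshot into.  Both live in /etc and describe the host's filtering
# rules, so they are created under a private umask and forced to 600.
MYUNIXTIME=$(date '+%s')
MYSAVE="/etc/iptables-save"
MYBACK="${MYSAVE}.${MYUNIXTIME}"

# Refuse early: everything below writes to /etc and talks to netfilter.
# The original ordering created the files first and checked the uid
# afterwards, so a non-root run failed half-way and then called myreset,
# which as non-root could not save, flush or rotate anything either.
# Nothing has been touched yet, so a plain error exit is sufficient.
if [ "$(id -u)" -ne 0 ];then
  echo "ERROR : Sorry, Not Permit User!" >&2
  exit 1
fi

# Never let the snapshot files exist world-readable, not even in the
# window between touch and chmod.
umask 077
[ -f "$MYSAVE" ] || touch "$MYSAVE" || myreset "ERROR : touch $MYSAVE"
[ -f "$MYBACK" ] || touch "$MYBACK" || myreset "ERROR : touch $MYBACK"
chmod 600 "$MYSAVE" || myreset "ERROR : chmod $MYSAVE"
chmod 600 "$MYBACK" || myreset "ERROR : chmod $MYBACK"

case "$1" in
start)
  echo -n "$0 starting... "
  # A bad snapshot can leave the rule set partially applied; myreset then
  # records what is loaded, opens the firewall and exits.  Look at
  # $MYBACK afterwards -- that is where the unloadable file ends up.
  iptables-restore -c "$MYSAVE" || myreset "ERROR : iptables not start!"
  echo "done"
  ;;
stop)
  myreset "$0 stopping... "
  ;;
*)
  # "Usege" in the original was a typo in a user-facing message.
  echo "Usage $0 [start|stop]"
  ;;
esac

# Only myreset fills $MYBACK, and it never returns here, so on this path
# the reserved slot is still the empty file created above.  Remove it
# instead of leaving a zero-byte iptables-save.<epoch> behind on every
# boot (the housekeeping find(1) commands below exist to clean those up).
[ -s "$MYBACK" ] || rm -f -- "$MYBACK"

# ending for Usage
unset MYUNIXTIME MYSAVE MYBACK
exit 0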

■ファイルサイズが「0」なら削除。（上のスクリプトは起動のたびに「iptables-save.<unixtime>」を touch で予約するが、そこに中身を書くのは stop／エラー時の myreset だけなので、start のたびに空のバックアップが残る。）

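# Let find do the matching (quoted pattern, -maxdepth 1) so that an empty
# match is a no-op instead of the shell handing find a literal glob that
# it then fails on; -empty/-delete avoid one rm fork per file.
$ sudo find /etc -maxdepth 1 -name 'iptables-save.*' -type f -empty -delete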

■7日よりも前のファイルは削除してしまおう。（-mtime が見るのはファイルの更新時刻＝前回 iptables-save で書き込まれた時刻であり、ファイル名の unixtime＝退避された時刻ではない。下の2つの一覧で同じファイルの時刻が異なるのはそのため。削除した世代のルールには戻せないので、保持期間は運用に合わせて決めること。）

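# -mtime +7 tests the modification time (when the snapshot was written),
# not the epoch in the file name (when it was rotated out).  Quoted
# pattern + -maxdepth 1 keeps find from failing on an empty match.
$ sudo find /etc -maxdepth 1 -name 'iptables-save.*' -type f -mtime +7 -delete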

■7日以内のファイルが残った。（1列目と2列目は更新時刻、3列目はファイル名の unixtime、4列目はサイズ。）

$ find /etc/iptables-save.* -type f -exec ls -l {} \; | \
  awk '{print $6,$7,$8,$5}' | sed s%/etc/iptables-save.%%g
2013-03-28 10:48 1364483353 540
2013-03-29 00:09 1364505146 547
2013-03-29 06:12 1364612446 547
2013-03-30 12:00 1364737982 392
2013-03-31 22:53 1364763475 393
2013-04-01 05:57 1364907912 394
2013-04-02 22:05 1364940611 394
2013-04-03 07:10 1364996107 394
2013-04-03 22:35 1365003659 394

■あえて面倒な方法で出力してもかまいません。（こちらはファイル名の unixtime を日時に変換して表示しているので、上の一覧の更新時刻とは一致しない。）

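# Same output (date/time derived from the epoch in the name, the epoch,
# the size) without the sed|xargs detour and without parsing `ls -l`.
# The epoch is the suffix after the last dot; LANG=C keeps date's
# formatting locale-independent.
$ for f in /etc/iptables-save.*; do \
    [ -f "$f" ] || continue; \
    epoch=${f##*.}; \
    printf '%s %s\n' "$(LANG=C date -d "@$epoch" '+%Y/%m/%d %H:%M %s')" \
      "$(stat -c %s "$f")"; \
  done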
2013/03/29 00:09 1364483353 540
2013/03/29 06:12 1364505146 547
2013/03/30 12:00 1364612446 547
2013/03/31 22:53 1364737982 392
2013/04/01 05:57 1364763475 393
2013/04/02 22:05 1364907912 394
2013/04/03 07:10 1364940611 394
2013/04/03 22:35 1364996107 394
2013/04/04 00:40 1365003659 394